$300 Device Can Steal Mac FileVault2 Passwords

Swedish hardware hacker Ulf Frisk has published today instructions on how to build and use a $300 device that can retrieve login passwords for Macs protected by Apple’s FileVault2 disk encryption system.

Frisk’s invention is named PCILeech, a device he created for carrying out Direct Memory Access (DMA) attacks, which allows an attacker to read the memory of 64bit-based operating systems such as Linux, FreeBSD, macOS and Windows.

PCILeech, which only runs on Windows 7 and Windows 10 PCs, uses custom software, which users can download from GitHub. The device also runs on a custom hardware rig, and the same GitHub repo provides the list of needed components.

Apple FileVault2 design bugs exposed devices to PCILeech

Frisk says he discovered this summer two design flaws in how Apple implemented FileVault2 Mac disk encryption. The researcher says he integrated these two bugs in version 1.3 of PCILeech, capable of extracting Mac passwords in cleartext.

The researcher says the first problem he found is that a Mac’s EFI, the homologue of a Windows BIOS/UEFI, opens Thunderbolt 2 ports before the operating system has had a chance to boot.

Frisk says that an attacker can use these Thunderbolt 2 ports to connect devices that can read a Mac’s memory before the operating system starts, at which moment macOS starts anti-DMA protections, preventing his attack from working.

FileVault2 / logon password stored in memory in cleartext

This wouldn’t be a big deal in normal conditions, but Frisk says he also discovered that before macOS starts, the FileVault2 password (which also doubles as the Mac’s logon password) is stored in the computer’s memory in cleartext.

“The FileVault password is […] not automatically scrubbed from memory once the disk is unlocked,” said Frisk, which means the password lingers around after the user has authenticated.

“The password is put in multiple memory locations,” Frisk adds, “which all seems to move around between reboots, but within a fixed memory range.”

This has allowed Frisk to create a special set of operations for PCILeech that keeps an eye on that memory range, identifies the password and extracts it after the Mac reboots, in that short interval of time before the macOS anti-DMA protection kick in.

PCILeech attack takes 30 seconds

Frisk says the attack only works if an attacker has physical access to a Mac or MacBook, but the attack takes under 30 seconds.

A YouTube video embedded below shows Frisk carrying out the attack under a minute, but he was moving slow and giving verbal instructions.

Issues fixed in macOS 10.12.2

Frisk, who found the issues last July, contacted Apple and informed the company of his findings.

On Tuesday, December 13, Apple released macOS 10.12.2, which fixes the issues Frisk reported.

“The solution Apple decided upon and rolled out is a complete one. At least to the extent that I have been able to confirm,” Frisk said. “It is no longer possible to access memory prior to macOS boot. The Mac is now one of the most secure platforms with regards to this specific attack vector.”

In November, hardware hacker Samy Kamkar created a similar device, called PoisonTap, which can extract passwords, hijack web traffic, and install backdoors on password-protected Windows computers.